1 /* $OpenBSD: ftp-proxy.c,v 1.15 2007/08/15 15:18:02 camield Exp $ */
4 * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #define _KERNEL_STRUCTURES
20 #include <sys/queue.h>
21 #include <sys/types.h>
22 #include <sys/event.h>
24 #include <sys/resource.h>
25 #include <sys/socket.h>
28 #include <net/pf/pfvar.h>
29 #include <netinet/in.h>
30 #include <arpa/inet.h>
48 #define CONNECT_TIMEOUT 30
51 #define MAX_LOGLINE 300
53 #define TCP_BACKLOG 10
55 #define CHROOT_DIR "/var/empty"
56 #define NOPRIV_USER "proxy"
58 /* pfctl standard NAT range. */
59 #define PF_NAT_PROXY_PORT_LOW 50001
60 #define PF_NAT_PROXY_PORT_HIGH 65535
62 #define sstosa(ss) ((struct sockaddr *)(ss))
64 enum { CMD_NONE = 0, CMD_PORT, CMD_EPRT, CMD_PASV, CMD_EPSV };
74 struct sockaddr_storage client_ss;
75 struct sockaddr_storage proxy_ss;
76 struct sockaddr_storage server_ss;
77 struct sockaddr_storage orig_server_ss;
89 LIST_ENTRY(session) entry;
92 LIST_HEAD(, session) sessions = LIST_HEAD_INITIALIZER(sessions);
94 void buffer_data(struct session *, struct cbuf *, char *, size_t);
95 int client_parse(struct session *);
96 int client_parse_anon(struct session *);
97 int client_parse_cmd(struct session *);
98 void client_read(struct session *);
99 void client_write(struct session *);
100 int drop_privs(void);
101 void end_session(struct session *);
102 int exit_daemon(void);
103 int getline(char *, size_t *);
104 void handle_connection(const int);
105 void handle_signal(int);
106 struct session * init_session(void);
107 void logmsg(int, const char *, ...) __printflike(2, 3);
108 u_int16_t parse_port(int);
109 u_int16_t pick_proxy_port(void);
110 void proxy_reply(int, struct sockaddr *, u_int16_t);
111 int server_parse(struct session *);
112 void server_read(struct session *);
113 void server_write(struct session *);
114 int allow_data_connection(struct session *s);
115 const char *sock_ntop(struct sockaddr *);
118 char linebuf[MAX_LINE + 1];
121 char ntop_buf[NTOP_BUFS][INET6_ADDRSTRLEN];
123 #define KQ_NEVENTS 64
124 struct kevent changes[KQ_NEVENTS];
127 struct sockaddr_storage fixed_server_ss, fixed_proxy_ss;
128 char *fixed_server, *fixed_server_port, *fixed_proxy, *listen_ip, *listen_port,
130 int anonymous_only, daemonize, id_count, ipv6_mode, loglevel, max_sessions,
131 rfc_mode, session_count, timeout, verbose;
132 extern char *__progname;
135 buffer_data(struct session *s, struct cbuf *cb, char *buf, size_t len)
140 if (cb->buffer == NULL)
141 if ((cb->buffer = malloc(MAX_LINE)) == NULL)
144 memcpy(cb->buffer, buf, len);
145 cb->buffer_size = len;
149 logmsg(LOG_ERR, "#%d could not allocate memory for buffer", s->id);
154 client_parse(struct session *s)
156 /* Reset any previous command. */
160 /* Commands we are looking for are at least 4 chars long. */
164 if (linebuf[0] == 'P' || linebuf[0] == 'p' ||
165 linebuf[0] == 'E' || linebuf[0] == 'e') {
166 if (!client_parse_cmd(s))
170 * Allow active mode connections immediately, instead of
171 * waiting for a positive reply from the server. Some
172 * rare servers/proxies try to probe or setup the data
173 * connection before an actual transfer request.
175 if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT)
176 return (allow_data_connection(s));
179 if (anonymous_only && (linebuf[0] == 'U' || linebuf[0] == 'u'))
180 return (client_parse_anon(s));
186 client_parse_anon(struct session *s)
190 if (strcasecmp("USER ftp\r\n", linebuf) != 0 &&
191 strcasecmp("USER anonymous\r\n", linebuf) != 0) {
192 snprintf(linebuf, sizeof linebuf,
193 "500 Only anonymous FTP allowed\r\n");
194 logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
196 /* Talk back to the client ourself. */
197 linelen = strlen(linebuf);
198 written = write(s->client_fd, linebuf, linelen);
200 logmsg(LOG_ERR, "#%d write failed", s->id);
201 return (0); /* Session will be ended for us */
202 } else if (written < linelen) {
203 EV_SET(&changes[nchanges++], s->server_fd,
204 EVFILT_READ, EV_DISABLE, 0, 0, s);
205 EV_SET(&changes[nchanges++], s->client_fd,
206 EVFILT_WRITE, EV_ADD, 0, 0, s);
207 buffer_data(s, &s->client, linebuf + written,
212 /* Clear buffer so it's not sent to the server. */
221 client_parse_cmd(struct session *s)
223 if (strncasecmp("PASV", linebuf, 4) == 0)
225 else if (strncasecmp("PORT ", linebuf, 5) == 0)
227 else if (strncasecmp("EPSV", linebuf, 4) == 0)
229 else if (strncasecmp("EPRT ", linebuf, 5) == 0)
234 if (ipv6_mode && (s->cmd == CMD_PASV || s->cmd == CMD_PORT)) {
235 logmsg(LOG_CRIT, "PASV and PORT not allowed with IPv6");
239 if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) {
240 s->port = parse_port(s->cmd);
241 if (s->port < MIN_PORT) {
242 logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id,
246 s->proxy_port = pick_proxy_port();
247 proxy_reply(s->cmd, sstosa(&s->proxy_ss), s->proxy_port);
248 logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
255 client_read(struct session *s)
257 size_t buf_avail, bread, bwritten;
261 buf_avail = sizeof s->cbuf - s->cbuf_valid;
262 bread = read(s->client_fd, s->cbuf + s->cbuf_valid, buf_avail);
263 s->cbuf_valid += bread;
265 while ((n = getline(s->cbuf, &s->cbuf_valid)) > 0) {
266 logmsg(LOG_DEBUG, "#%d client: %s", s->id, linebuf);
267 if (!client_parse(s)) {
271 bwritten = write(s->server_fd, linebuf, linelen);
272 if (bwritten == -1) {
273 } else if (bwritten < linelen) {
274 EV_SET(&changes[nchanges++], s->client_fd,
275 EVFILT_READ, EV_DISABLE, 0, 0, s);
276 EV_SET(&changes[nchanges++], s->server_fd,
277 EVFILT_WRITE, EV_ADD, 0, 0, s);
278 buffer_data(s, &s->server, linebuf + bwritten,
285 logmsg(LOG_ERR, "#%d client command too long or not"
290 } while (bread == buf_avail);
294 client_write(struct session *s)
298 written = write(s->client_fd, s->client.buffer + s->client.buffer_offset,
299 s->client.buffer_size - s->client.buffer_offset);
301 logmsg(LOG_ERR, "#%d write failed", s->id);
303 } else if (written == (s->client.buffer_size - s->client.buffer_offset)) {
304 free(s->client.buffer);
305 s->client.buffer = NULL;
306 s->client.buffer_size = 0;
307 s->client.buffer_offset = 0;
308 EV_SET(&changes[nchanges++], s->server_fd,
309 EVFILT_READ, EV_ENABLE, 0, 0, s);
311 s->client.buffer_offset += written;
320 pw = getpwnam(NOPRIV_USER);
325 if (chroot(CHROOT_DIR) != 0 || chdir("/") != 0 ||
326 setgroups(1, &pw->pw_gid) != 0 ||
327 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0 ||
328 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
335 end_session(struct session *s)
339 logmsg(LOG_INFO, "#%d ending session", s->id);
341 if (s->client_fd != -1)
343 if (s->server_fd != -1)
346 if (s->client.buffer)
347 free(s->client.buffer);
348 if (s->server.buffer)
349 free(s->server.buffer);
351 /* Remove rulesets by commiting empty ones. */
353 if (prepare_commit(s->id) == -1)
355 else if (do_commit() == -1) {
360 logmsg(LOG_ERR, "#%d pf rule removal failed: %s", s->id,
363 LIST_REMOVE(s, entry);
371 struct session *s, *tmp;
373 LIST_FOREACH_MUTABLE(s, &sessions, entry, tmp) {
387 getline(char *buf, size_t *valid)
391 if (*valid > MAX_LINE)
394 /* Copy to linebuf while searching for a newline. */
395 for (i = 0; i < *valid; i++) {
404 /* No newline found. */
413 linebuf[linelen] = '\0';
416 /* Move leftovers to the start. */
418 bcopy(buf + linelen, buf, *valid);
420 return ((int)linelen);
424 handle_connection(const int listen_fd)
426 struct sockaddr_storage tmp_ss;
427 struct sockaddr *client_sa, *server_sa, *fixed_server_sa;
428 struct sockaddr *client_to_proxy_sa, *proxy_to_server_sa;
431 int client_fd, fc, on;
434 * We _must_ accept the connection, otherwise libevent will keep
435 * coming back, and we will chew up all CPU.
437 client_sa = sstosa(&tmp_ss);
438 len = sizeof(struct sockaddr_storage);
439 if ((client_fd = accept(listen_fd, client_sa, &len)) < 0) {
440 logmsg(LOG_CRIT, "accept failed: %s", strerror(errno));
444 /* Refuse connection if the maximum is reached. */
445 if (session_count >= max_sessions) {
446 logmsg(LOG_ERR, "client limit (%d) reached, refusing "
447 "connection from %s", max_sessions, sock_ntop(client_sa));
452 /* Allocate session and copy back the info from the accept(). */
455 logmsg(LOG_CRIT, "init_session failed");
459 s->client_fd = client_fd;
460 memcpy(sstosa(&s->client_ss), client_sa, client_sa->sa_len);
462 /* Cast it once, and be done with it. */
463 client_sa = sstosa(&s->client_ss);
464 server_sa = sstosa(&s->server_ss);
465 client_to_proxy_sa = sstosa(&tmp_ss);
466 proxy_to_server_sa = sstosa(&s->proxy_ss);
467 fixed_server_sa = sstosa(&fixed_server_ss);
469 /* Log id/client early to ease debugging. */
470 logmsg(LOG_DEBUG, "#%d accepted connection from %s", s->id,
471 sock_ntop(client_sa));
474 * Find out the real server and port that the client wanted.
476 len = sizeof(struct sockaddr_storage);
477 if ((getsockname(s->client_fd, client_to_proxy_sa, &len)) < 0) {
478 logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,
482 if (server_lookup(client_sa, client_to_proxy_sa, server_sa) != 0) {
483 logmsg(LOG_CRIT, "#%d server lookup failed (no rdr?)", s->id);
487 memcpy(sstosa(&s->orig_server_ss), server_sa,
489 memcpy(server_sa, fixed_server_sa, fixed_server_sa->sa_len);
492 /* XXX: check we are not connecting to ourself. */
495 * Setup socket and connect to server.
497 if ((s->server_fd = socket(server_sa->sa_family, SOCK_STREAM,
499 logmsg(LOG_CRIT, "#%d server socket failed: %s", s->id,
503 if (fixed_proxy && bind(s->server_fd, sstosa(&fixed_proxy_ss),
504 fixed_proxy_ss.ss_len) != 0) {
505 logmsg(LOG_CRIT, "#%d cannot bind fixed proxy address: %s",
506 s->id, strerror(errno));
510 /* Use non-blocking connect(), see CONNECT_TIMEOUT below. */
511 if ((fc = fcntl(s->server_fd, F_GETFL)) == -1 ||
512 fcntl(s->server_fd, F_SETFL, fc | O_NONBLOCK) == -1) {
513 logmsg(LOG_CRIT, "#%d cannot mark socket non-blocking: %s",
514 s->id, strerror(errno));
517 if (connect(s->server_fd, server_sa, server_sa->sa_len) < 0 &&
518 errno != EINPROGRESS) {
519 logmsg(LOG_CRIT, "#%d proxy cannot connect to server %s: %s",
520 s->id, sock_ntop(server_sa), strerror(errno));
524 len = sizeof(struct sockaddr_storage);
525 if ((getsockname(s->server_fd, proxy_to_server_sa, &len)) < 0) {
526 logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,
531 logmsg(LOG_INFO, "#%d FTP session %d/%d started: client %s to server "
532 "%s via proxy %s ", s->id, session_count, max_sessions,
533 sock_ntop(client_sa), sock_ntop(server_sa),
534 sock_ntop(proxy_to_server_sa));
536 /* Keepalive is nice, but don't care if it fails. */
538 setsockopt(s->client_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
540 setsockopt(s->server_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
543 EV_SET(&changes[nchanges++], s->client_fd, EVFILT_READ, EV_ADD, 0, 0, s);
544 EV_SET(&changes[nchanges++], s->server_fd, EVFILT_READ, EV_ADD, 0, 0, s);
553 handle_signal(int sig)
556 * Signal handler rules don't apply.
559 logmsg(LOG_ERR, "%s exiting on signal %d", __progname, sig);
570 s = calloc(1, sizeof(struct session));
581 s->client.buffer = NULL;
582 s->client.buffer_size = 0;
583 s->client.buffer_offset = 0;
584 s->server.buffer = NULL;
585 s->server.buffer_size = 0;
586 s->server.buffer_offset = 0;
590 LIST_INSERT_HEAD(&sessions, s, entry);
597 logmsg(int pri, const char *message, ...)
604 va_start(ap, message);
607 /* syslog does its own vissing. */
608 vsyslog(pri, message, ap);
610 char buf[MAX_LOGLINE];
611 char visbuf[2 * MAX_LOGLINE];
613 /* We don't care about truncation. */
614 vsnprintf(buf, sizeof buf, message, ap);
615 strnvis(visbuf, buf, sizeof visbuf, VIS_CSTYLE | VIS_NL);
616 fprintf(stderr, "%s\n", visbuf);
623 main(int argc, char *argv[])
626 struct addrinfo hints, *res;
627 int kq, ch, error, listenfd, on;
635 fixed_server_port = "21";
638 listen_port = "8021";
639 loglevel = LOG_NOTICE;
647 /* Other initialization. */
652 while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rT:t:v")) != -1) {
661 fixed_proxy = optarg;
667 loglevel = strtonum(optarg, LOG_EMERG, LOG_DEBUG,
670 errx(1, "loglevel %s", errstr);
676 max_sessions = strtonum(optarg, 1, 500, &errstr);
678 errx(1, "max sessions %s", errstr);
681 fixed_server_port = optarg;
684 listen_port = optarg;
687 if (strlen(optarg) >= PF_QNAME_SIZE)
688 errx(1, "queuename too long");
692 fixed_server = optarg;
698 if (strlen(optarg) >= PF_TAG_NAME_SIZE)
699 errx(1, "tagname too long");
703 timeout = strtonum(optarg, 0, 86400, &errstr);
705 errx(1, "timeout %s", errstr);
717 if (listen_ip == NULL)
718 listen_ip = ipv6_mode ? "::1" : "127.0.0.1";
720 /* Check for root to save the user from cryptic failure messages. */
722 errx(1, "needs to start as root");
724 /* Raise max. open files limit to satisfy max. sessions. */
725 rlp.rlim_cur = rlp.rlim_max = (2 * max_sessions) + 10;
726 if (setrlimit(RLIMIT_NOFILE, &rlp) == -1)
730 memset(&hints, 0, sizeof hints);
731 hints.ai_flags = AI_NUMERICHOST;
732 hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
733 hints.ai_socktype = SOCK_STREAM;
734 error = getaddrinfo(fixed_proxy, NULL, &hints, &res);
736 errx(1, "getaddrinfo fixed proxy address failed: %s",
737 gai_strerror(error));
738 memcpy(&fixed_proxy_ss, res->ai_addr, res->ai_addrlen);
739 logmsg(LOG_INFO, "using %s to connect to servers",
740 sock_ntop(sstosa(&fixed_proxy_ss)));
745 memset(&hints, 0, sizeof hints);
746 hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
747 hints.ai_socktype = SOCK_STREAM;
748 error = getaddrinfo(fixed_server, fixed_server_port, &hints,
751 errx(1, "getaddrinfo fixed server address failed: %s",
752 gai_strerror(error));
753 memcpy(&fixed_server_ss, res->ai_addr, res->ai_addrlen);
754 logmsg(LOG_INFO, "using fixed server %s",
755 sock_ntop(sstosa(&fixed_server_ss)));
759 /* Setup listener. */
760 memset(&hints, 0, sizeof hints);
761 hints.ai_flags = AI_NUMERICHOST | AI_PASSIVE;
762 hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
763 hints.ai_socktype = SOCK_STREAM;
764 error = getaddrinfo(listen_ip, listen_port, &hints, &res);
766 errx(1, "getaddrinfo listen address failed: %s",
767 gai_strerror(error));
768 if ((listenfd = socket(res->ai_family, SOCK_STREAM, IPPROTO_TCP)) == -1)
769 errx(1, "socket failed");
771 if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
773 err(1, "setsockopt failed");
774 if (bind(listenfd, (struct sockaddr *)res->ai_addr,
775 (socklen_t)res->ai_addrlen) != 0)
776 err(1, "bind failed");
777 if (listen(listenfd, TCP_BACKLOG) != 0)
778 err(1, "listen failed");
782 init_filter(qname, tagname, verbose);
785 if (daemon(0, 0) == -1)
786 err(1, "cannot daemonize");
787 openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
790 /* Use logmsg for output from here on. */
793 logmsg(LOG_ERR, "cannot drop privileges: %s", strerror(errno));
797 if ((kq = kqueue()) == -1) {
798 logmsg(LOG_ERR, "cannot create new kqueue(2): %s", strerror(errno));
802 /* Setup signal handler. */
803 signal(SIGPIPE, SIG_IGN);
804 EV_SET(&changes[nchanges++], SIGHUP, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL);
805 EV_SET(&changes[nchanges++], SIGINT, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL);
806 EV_SET(&changes[nchanges++], SIGTERM, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL);
808 EV_SET(&changes[nchanges++], listenfd, EVFILT_READ, EV_ADD, 0, 0, NULL);
810 logmsg(LOG_NOTICE, "listening on %s port %s", listen_ip, listen_port);
815 struct kevent events[KQ_NEVENTS], *event;
818 nevents = kevent(kq, &changes[0], nchanges, &events[0],
821 logmsg(LOG_ERR, "cannot create new kqueue(2): %s", strerror(errno));
826 for (i = 0; i < nevents; ++i) {
829 if (event->filter == EVFILT_SIGNAL) {
830 handle_signal(event->ident);
834 if (event->ident == listenfd) {
835 /* Handle new connection */
836 handle_connection(event->ident);
838 /* Process existing connection */
839 s = (struct session *)event->udata;
841 if (event->ident == s->client_fd) {
842 if (event->filter == EVFILT_READ)
847 if (event->filter == EVFILT_READ)
854 /* The next loop might overflow changes */
855 if (nchanges > KQ_NEVENTS - 4)
869 unsigned int port, v[6];
873 /* Find the last space or left-parenthesis. */
874 for (p = linebuf + linelen; p > linebuf; p--)
875 if (*p == ' ' || *p == '(')
882 n = sscanf(p, " %u,%u,%u,%u,%u,%u", &v[0], &v[1], &v[2],
883 &v[3], &v[4], &v[5]);
884 if (n == 6 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
885 v[3] < 256 && v[4] < 256 && v[5] < 256)
886 return ((v[4] << 8) | v[5]);
889 n = sscanf(p, "(%u,%u,%u,%u,%u,%u)", &v[0], &v[1], &v[2],
890 &v[3], &v[4], &v[5]);
891 if (n == 6 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
892 v[3] < 256 && v[4] < 256 && v[5] < 256)
893 return ((v[4] << 8) | v[5]);
896 n = sscanf(p, "(|||%u|)", &port);
897 if (n == 1 && port < 65536)
901 n = sscanf(p, " |1|%u.%u.%u.%u|%u|", &v[0], &v[1], &v[2],
903 if (n == 5 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
904 v[3] < 256 && port < 65536)
906 n = sscanf(p, " |2|%*[a-fA-F0-9:]|%u|", &port);
907 if (n == 1 && port < 65536)
918 pick_proxy_port(void)
920 /* Random should be good enough for avoiding port collisions. */
921 return (IPPORT_HIFIRSTAUTO + (arc4random() %
922 (IPPORT_HILASTAUTO - IPPORT_HIFIRSTAUTO)));
926 proxy_reply(int cmd, struct sockaddr *sa, u_int16_t port)
932 r = snprintf(linebuf, sizeof linebuf,
933 "PORT %s,%u,%u\r\n", sock_ntop(sa), port / 256,
937 r = snprintf(linebuf, sizeof linebuf,
938 "227 Entering Passive Mode (%s,%u,%u)\r\n", sock_ntop(sa),
939 port / 256, port % 256);
942 if (sa->sa_family == AF_INET)
943 r = snprintf(linebuf, sizeof linebuf,
944 "EPRT |1|%s|%u|\r\n", sock_ntop(sa), port);
945 else if (sa->sa_family == AF_INET6)
946 r = snprintf(linebuf, sizeof linebuf,
947 "EPRT |2|%s|%u|\r\n", sock_ntop(sa), port);
950 r = snprintf(linebuf, sizeof linebuf,
951 "229 Entering Extended Passive Mode (|||%u|)\r\n", port);
955 if (r < 0 || r >= sizeof linebuf) {
956 logmsg(LOG_ERR, "proxy_reply failed: %d", r);
963 if (cmd == CMD_PORT || cmd == CMD_PASV) {
964 /* Replace dots in IP address with commas. */
965 for (i = 0; i < linelen; i++)
966 if (linebuf[i] == '.')
972 server_parse(struct session *s)
974 if (s->cmd == CMD_NONE || linelen < 4 || linebuf[0] != '2')
977 if ((s->cmd == CMD_PASV && strncmp("227 ", linebuf, 4) == 0) ||
978 (s->cmd == CMD_EPSV && strncmp("229 ", linebuf, 4) == 0))
979 return (allow_data_connection(s));
989 allow_data_connection(struct session *s)
991 struct sockaddr *client_sa, *orig_sa, *proxy_sa, *server_sa;
994 if (s->cmd == CMD_NONE || linelen < 4 || linebuf[0] != '2')
998 * The pf rules below do quite some NAT rewriting, to keep up
999 * appearances. Points to keep in mind:
1000 * 1) The client must think it's talking to the real server,
1001 * for both control and data connections. Transparently.
1002 * 2) The server must think that the proxy is the client.
1003 * 3) Source and destination ports are rewritten to minimize
1004 * port collisions, to aid security (some systems pick weak
1005 * ports) or to satisfy RFC requirements (source port 20).
1008 /* Cast this once, to make code below it more readable. */
1009 client_sa = sstosa(&s->client_ss);
1010 server_sa = sstosa(&s->server_ss);
1011 proxy_sa = sstosa(&s->proxy_ss);
1013 /* Fixed server: data connections must appear to come
1014 from / go to the original server, not the fixed one. */
1015 orig_sa = sstosa(&s->orig_server_ss);
1017 /* Server not fixed: orig_server == server. */
1018 orig_sa = sstosa(&s->server_ss);
1020 /* Passive modes. */
1021 if (s->cmd == CMD_PASV || s->cmd == CMD_EPSV) {
1022 s->port = parse_port(s->cmd);
1023 if (s->port < MIN_PORT) {
1024 logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id,
1028 s->proxy_port = pick_proxy_port();
1029 logmsg(LOG_INFO, "#%d passive: client to server port %d"
1030 " via port %d", s->id, s->port, s->proxy_port);
1032 if (prepare_commit(s->id) == -1)
1036 proxy_reply(s->cmd, orig_sa, s->proxy_port);
1037 logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
1039 /* rdr from $client to $orig_server port $proxy_port -> $server
1041 if (add_rdr(s->id, client_sa, orig_sa, s->proxy_port,
1042 server_sa, s->port) == -1)
1045 /* nat from $client to $server port $port -> $proxy */
1046 if (add_nat(s->id, client_sa, server_sa, s->port, proxy_sa,
1047 PF_NAT_PROXY_PORT_LOW, PF_NAT_PROXY_PORT_HIGH) == -1)
1050 /* pass in from $client to $server port $port */
1051 if (add_filter(s->id, PF_IN, client_sa, server_sa,
1055 /* pass out from $proxy to $server port $port */
1056 if (add_filter(s->id, PF_OUT, proxy_sa, server_sa,
1062 if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) {
1063 logmsg(LOG_INFO, "#%d active: server to client port %d"
1064 " via port %d", s->id, s->port, s->proxy_port);
1066 if (prepare_commit(s->id) == -1)
1070 /* rdr from $server to $proxy port $proxy_port -> $client port
1072 if (add_rdr(s->id, server_sa, proxy_sa, s->proxy_port,
1073 client_sa, s->port) == -1)
1076 /* nat from $server to $client port $port -> $orig_server port
1078 if (rfc_mode && s->cmd == CMD_PORT) {
1079 /* Rewrite sourceport to RFC mandated 20. */
1080 if (add_nat(s->id, server_sa, client_sa, s->port,
1081 orig_sa, 20, 20) == -1)
1084 /* Let pf pick a source port from the standard range. */
1085 if (add_nat(s->id, server_sa, client_sa, s->port,
1086 orig_sa, PF_NAT_PROXY_PORT_LOW,
1087 PF_NAT_PROXY_PORT_HIGH) == -1)
1091 /* pass in from $server to $client port $port */
1092 if (add_filter(s->id, PF_IN, server_sa, client_sa, s->port) ==
1096 /* pass out from $orig_server to $client port $port */
1097 if (add_filter(s->id, PF_OUT, orig_sa, client_sa, s->port) ==
1102 /* Commit rules if they were prepared. */
1103 if (prepared && (do_commit() == -1)) {
1106 /* One more try if busy. */
1108 if (do_commit() == -1)
1119 logmsg(LOG_CRIT, "#%d pf operation failed: %s", s->id, strerror(errno));
1126 server_read(struct session *s)
1128 size_t buf_avail, bread, bwritten;
1132 buf_avail = sizeof s->sbuf - s->sbuf_valid;
1133 bread = read(s->server_fd, s->sbuf + s->sbuf_valid, buf_avail);
1134 s->sbuf_valid += bread;
1136 while ((n = getline(s->sbuf, &s->sbuf_valid)) > 0) {
1137 logmsg(LOG_DEBUG, "#%d server: %s", s->id, linebuf);
1138 if (!server_parse(s)) {
1142 bwritten = write(s->client_fd, linebuf, linelen);
1143 if (bwritten == -1) {
1144 logmsg(LOG_ERR, "#%d write failed", s->id);
1147 } else if (bwritten < linelen) {
1148 EV_SET(&changes[nchanges++], s->server_fd,
1149 EVFILT_READ, EV_DISABLE, 0, 0, s);
1150 EV_SET(&changes[nchanges++], s->client_fd,
1151 EVFILT_WRITE, EV_ADD, 0, 0, s);
1152 buffer_data(s, &s->client, linebuf + bwritten,
1153 linelen - bwritten);
1159 logmsg(LOG_ERR, "#%d server reply too long or not"
1164 } while (bread == buf_avail);
1168 server_write(struct session *s)
1172 written = write(s->server_fd, s->server.buffer + s->server.buffer_offset,
1173 s->server.buffer_size - s->server.buffer_offset);
1174 if (written == -1) {
1175 logmsg(LOG_ERR, "#%d write failed", s->id);
1177 } else if (written == (s->server.buffer_size - s->server.buffer_offset)) {
1178 free(s->server.buffer);
1179 s->server.buffer = NULL;
1180 s->server.buffer_size = 0;
1181 s->server.buffer_offset = 0;
1182 EV_SET(&changes[nchanges++], s->client_fd,
1183 EVFILT_READ, EV_ENABLE, 0, 0, s);
1185 s->server.buffer_offset += written;
1190 sock_ntop(struct sockaddr *sa)
1194 /* Cycle to next buffer. */
1195 n = (n + 1) % NTOP_BUFS;
1196 ntop_buf[n][0] = '\0';
1198 if (sa->sa_family == AF_INET) {
1199 struct sockaddr_in *sin = (struct sockaddr_in *)sa;
1201 return (inet_ntop(AF_INET, &sin->sin_addr, ntop_buf[n],
1202 sizeof ntop_buf[0]));
1205 if (sa->sa_family == AF_INET6) {
1206 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
1208 return (inet_ntop(AF_INET6, &sin6->sin6_addr, ntop_buf[n],
1209 sizeof ntop_buf[0]));
1218 fprintf(stderr, "usage: %s [-6Adrv] [-a address] [-b address]"
1219 " [-D level] [-m maxsessions]\n [-P port]"
1220 " [-p port] [-q queue] [-R address] [-T tag] [-t timeout]\n", __progname);